<< Come see me speak at IBM Software Day 2009 | Home | I'll be speaking at the Dutch Notes User Group in Amsterdam >>

Using a non self-signed certificate with Lotus Connections

When you deploy Lotus Connections you find out that the login has to be done using SSL and hence you need a SSL certificate. When Lotus Connections is installed a self-signed certificate is generated but you'll probably want to use a "real" certificate whether this be one signed by a public CA or one signed by a corporate CA. Doing this is quite simple if you only swap out the IBM HTTP Server certificate as this only requires change to httpd.conf and using the ikeyman application.

Although the ikeyman application looks like something from another century it works and does its job. To launch it go to c:\websphere\appserver\profiles\appserver1\bin and invoke ikeyman.bat (substitute the path as appropriate). Once this is done follow the documentation to create a new keystore database (KDB format) and create a stash file. Then generate a new key pair and submit the keys for certification at your CA (again follow the documentation). The stash file is used by the web server to open the otherwise encrypted keystore without a password.

When you receive the reply please bear in mind that the certifying certificate must be in the keystore before accepting the reply. For most CA's this will require you to import a certificate before proceeding. This goes for Equifax as well as Verisign. The easiest way to find these is to surf to your CA and search for "intermediate".

Once this is done you can import the certificate reply, update httpd.conf, restart IHS and you're laughing...




Add a comment Send a TrackBack